Just wanted to give you all a heads-up that the old Blogger will be down for a couple hours tomorrow (Tuesday, January 9th, 2007). This scheduled outage applies to the old Blogger from 7:45am-9:45am PST. You will not be able to post to old Blogger blogs or access any old Blogger blogs on Blog*Spot during this time. We also will not be allowing any new accounts or new blogs to be created on the new Blogger during this outage. Google Groups will be also be undergoing planned maintenance on Tuesday the 9th. Accordingly, some features may be temporarily unavailable (including the Blogger Help Group).

Old Blogger, New Blogger, and Blogger Help Group all down at the same time. Might be a good day to take off.

Microsoft Windows is an incredibly complex operating system. Making an installation of computers running Windows work, at all, is a challenge. Making one work properly is even more of a challenge. Fortunately, thanks to the Internet, the problems which you may be observing today may have already been discussed, and resolved, by other folks before you. And there are many websites to give you advice, based upon those experiences.

Now, many websites offer you learned advice on various subjects; some on Windows Networking, as PChuck’s does. Many websites are procedure oriented. If you know what to do, they will give you details showing you how you can use a particular wizard. But – if you don’t know what to do, or how to solve a given problem, how are you going to find a solution? That’s like using a dictionary – some folks think that you can learn how to spell a word, by looking it up in a dictionary.

PChuck’s is organised by goal. For problem solving, it’s organised by symptom. Now, it’s not finished – few websites are ever actually finished. But give it a shot – it may have an answer or two for you.

Having reviewed the site introduction, you may find that there are several ways to benefit from the material here.

From my featured articles.

This week’s feature is a reminder to anybody installing a computer network, that Ethernet cannot be replaced by WiFi, without compromise and planning. The total bandwidth of a WiFi LAN is limited. You have to protect your LAN from your neighbors. And noise, both analogue and digital, will further reduce your bandwidth.

Last week’s feature was a pair of short advices about professional proactive techniques for ensuring that your computer, and network, are all running properly. Proactive monitoring of your computer, and of your network, can save you hours of wondering “what’s up with this?” when something isn’t running with its usual speediness. Learn about Finding, and Tracking, Computers On Your Network, and about Watching What Your Computer Is Doing, using free tools, each available for quick download.

From the current list of known Problems and Resolutions, which present a lightweight view of the various subjects, indexed by symptom.

From the various Tutorials, which present an in depth view of the various subjects, indexed by overall topic.

More articles are added frequently, and existing articles are revised even more frequently. Check here regularly, using a newsfeed reader for best results. And tell your friends about PChuck’s Network!

The Internet is a wonderful place to spend time – whether personally, professionally, or socially, you can travel to distant lands, and meet folks from the comfort of your bedroom / home office.

But it’s absolutely NOT a place to casually provide details about your self. And when you travel by internet, you absolutely must protect the vehicle (your computer) that you travel in. So stay aware what’s happening in Internet security.

The attack, IM.Marphish2.Yahoo, attempts to steal personal information by dupong a user into believing that they are in violation of Yahoo’s Terms of Service. The user is instructed to contact the “abuse department” through a URL that points to the 2wahms.com domain.

As always, please be very careful when presented any IM message that includes a URL. If the message is not part of an active conversation, OR if it’s from anybody that you don’t recognise, examine it with great suspicion. If you get an IM message, that contains a URL, from a friend, and you’re not in the middle of an active chat with that friend, take the time to verify that the message was intentionally sent. You could be helping both of you by doing this.

11/29 Yesterday, a friend wrote me for advice, as she was contemplating the purchase of a DVD burner for her recently purchased computer. I told her

Please don’t buy a Sony product.

And she didn’t. She bought a competitor’s product. This accomplished 2 things:

Overnight, Get Right with the Man dropped to No. 1,392 on Amazon’s music rankings. By Nov. 22 — after the news made headlines and Sony was deep into damage control, pulling some 4.7 million copy-protected disks from the market — Get Right with the Man was even further from Amazon’s Top 40, plummeting to No. 25,802.

The wrath of fans killed Sony’s CD copy controls, with the company pulling 52 titles off retail shelves, beginning the week of Nov. 14. But the wrath of bands could be far worse for the company — and for efforts to protect content in general.

Singers and songwriters are increasingly expressing frustration at devices used by record companies to protect digital content from widespread theft that results when CDs are copied repeatedly or popular tracks are given away on peer-to-peer (P2P) networks, such as LimeWire and BitTorrent.

Maybe, just maybe, Sony and the rest of the RIAA will decide that their customers (the ones that remain) deserve their respect, not their contempt. If they wish to stay in business, anyway.

Hackers are on target to release more than 6,000 keystroke loggers in 2005, a 65 per cent increase from the 3,753 keyloggers released last year.

And their delivery mechanisms are getting pretty sophisticated too. ISC SANS More Sober Variants warns of the latest Sober variant, which may arrive in your Inbox disguised as a letter from a US Government agency like the CIA or FBI (as if).

Be paranoid. Be very paranoid.

11/21 The lawsuits against Sony have started. Mark Lyon, of SonySuit.com, has a comprehensive list of the various actions underway around the world.
11/18 The whole Sony problem started some time ago. I first reported it, personally, over 2 weeks ago. Today, SSX4life, in BBR Forums Sony – Opinion and Future, points out

If you put a frog in a boiling pot of water it will try to jump out and struggle for dear life. However if you put a frog in a cold pot of water and slowing bring it up to temp the frog will more than willing sit and boil to death.

If Sony and other music, software, “tech” company’s slowing remove the rights of the consumer to a CD / DVD / Peice of software that you purchased then then what will happen to the every day consumer…

This is a small quote from this very long thread, and several like it, in BBR Forums and elsewhere.

It is very dark here, and this blog is a very small candle. I’m going to light it, though, and join the Sony Boycott. If you care about your rights, as a consumer of electronic content, you should join the boycott, and sign the petition, too. Demand your rights – it’s your money that pays the salaries of Sony, and of the RIAA.

11/17 As predicted yesterday, Sony’s uninstall procedures created a vulnerability worse than the original rootkit. Websense Security Labs have now published an alert stating

Websense® Security Labs™ has received reports of websites that are using the Sony DRM uninstaller as a means to perform malicious actions on end user machines.

Any user who has downloaded and run the Sony uninstaller program is susceptible to this attack.

Various security software vendors, such as Sophos and Symantec, have produced reliable rootkit removal programs. I do not recommend that you use any software provided by Sony.

According to Freedon To Tinker, the web based installer is a worse vulnerability than the original rootkit. More on the story here, FTT goes into detail. It seems the ‘cure’ from Sony involves downloading an ActiveX control called CodeSupport. This is a signed control that lets just about anyone download, install and execute arbitrary code on your machine.

Sony says 20 CD titles use this form of copy protection, from British firm First 4 Internet, but it won’t say which titles. The Electronic Frontier Foundation, a non-profit civil-liberties group, identifies 19 on its http://www.eff.org website from artists including Neil Diamond, Van Zant, Celine Dion and Switchfoot.

However, many watchers of Sony have identified way more than 20. Such as IdiotAbroad, which currently lists 47.

11/15 The Sony issue gets bigger each day. Wired News Sony Numbers Add Up to Trouble reports that AT LEAST half a million computers are out there, infected with Sony’s dirty work. That number was arrived at by technical research, it is absolotely accurate at the mimimum, and is most likely a lot lower than the actual count.
11/14 The Electronic Frontier Foundation has now entered the picture. In the BBR Forum Microsoft will wipe Sony’s ‘rootkit’ and more, a copy of the advice sent Sony by the EFF, regarding what Sony needs to do to make its image right with its customers, was presented. We will now see how responsive Sony is.
11/14 The discussion about Sony’s activities is continuing, and it appears that the Rootkit discovered recently is just the tip of the iceberg. Check out BBR Forums SONY throws in the towel … for now, for a very fast moving thread with diverse opinions.

Also, for a comprehensive, and dynamic, list of CDs (or things that look like CDs but aren’t), that you do not want to buy, see the CDR Bad CD list.

11/13 Here’s a neat game. You load a free keylogger on your computer, downloaded from WhatPulse. You form teams, and try to beat each others keystroke counts. WTH?

OK, the keylogger has been checked out, and this version is free from anything malicious. All that it does is count keystrokes. But what about future versions, or imitators versions? At best, this game is blurring the line between malware and irresponsible game playing. And what happens if this gets bought out by the bad guys? I just know one of them must be looking at this right now – it’s just perfect for exploitation.

My personal opinion? Encouraging folks to install a keylogger, even something benign (right now) is not something I would recommend. I don’t think this is post Sony paranoia speaking – I would always feel this way. I think this is irresponsible. What do you think?

11/12 BTW, I’m curious. Are there any folk out there reading this, who think that the whole Sony Rootkit thing is much ado about nothing? Well, now that the story is out, folks are looking backwards at previously reported problems. Look at, for instance BBR Security Forum Some earlier signs of Sony’s rootkit…, with a list that bears investigation.
11/12 Sony has backed down, at least publicly. In BBC News World Edition Sony stops making anti-piracy CDs

Sony has said it will suspend the production of music CDs with anti-piracy technology which can leave computers vulnerable to viruses.

I will try to keep an open mind, but for right now, Sony is off my Christmas shopping list.

11/11 The Sony Rootkit story just gets better and better. NPR (National Public Radio, for those of you not USA citizens) did a piece on it Sony Music CDs Under Fire from Privacy Advocates. They interviewed Sony BMG’s Global Digital Business President Thomas Hesse, who had the gall to say for the record

Most people, I think, don’t even know what a rootkit is, so why should they care about it?

Experts at SophosLabs™, Sophos’s global network of virus and spam analysis centres, have detected a new Trojan horse that exploits the controversial Sony DRM (Digital Rights Management) copy protection included on some of the music giant’s CDs.

The Troj/Stinx-E Trojan horse appears to have been deliberately spammed out to email addresses, posing as a message from a British business magazine.

11/2 Is using a WiFi network, that you didn’t setup, theft? Some believe it is, others believe it’s not. I think there are a lot of grey areas.
If you have any feelings one way or the other, join BBR Forums (it’s free), and participate in this, and similar, discussions.
10/31 The RIAA continues to dig itself into a hole. Sony is now selling music which comes with self-installing software, in an attempt to enforce Copy Protection. If you try to play, for instance Get Right with the Man by the Van Zant Brothers, as distributed by Sony / BMG, on the CD player on your computer, you will have to install special drivers. These drivers protect themselves as a Rootkit.

When you try to play any similarly Copy Protected music, which is protected by First4Internet’s DRMServer, you will first have to agree to a EULA. Upon agreeing to the EULA, DRMServer will be installed on your computer. To protect DRMServer, which runs a process $sys$DRMServer.exe, your system will be modified to prevent you from even seeing any traces of processes named $sys$(anything) on your system. This, my friends, is a Rootkit.

Mark further discovered that the Rootkit will hide other files, such as one that he created in a test.

I studied the driver’s initialization function, confirmed that it patches several functions via the system call table and saw that its cloaking code hides any file, directory, Registry key or process whose name begins with “$sys$”. To verify that I made a copy of Notepad.exe named $sys$notepad.exe and it disappeared from view.

This, my friends, is a dangerous Rootkit. What if one of the bad guys writes a very bad application, with programs using names protected by DRMServer, and gets it installed on your computer?

10/9Vista is Coming! I just recently spent 4 very intense and brief days in Seattle, as a guest of Microsoft, at MVP Summit 2005. I got my first actual look at Vista, and was treated to half a dozen very detailed descriptions about technical features of Vista. Security wise, it is 2 to 4 times as significant as Windows XP, as Windows XP SP2 was to Windows XP RTM. I can’t say more, but I will be updating my personal impression of it, as time permits. Watch this blog.
8/26 Occasionally there is good news. Today, just 2 weeks after Zotob hit the Internet, the US FBI and others arrested two suspects in its creation. CNet Nes.Com reports in Arrests made in probe of worm that hit ABC, others that the two suspects arrested are suspected of creating both the Mytob and Zotob worms.

This is only a start, but maybe fear of arrest, and fear of execution (as the good news on 7/26 described), might lessen the onslaught of malware just a bit.

But don’t stop protecting yourself just yet. Just don’t give up.

8/17 ZDNet Security Windows worms knocking out computers reports on the ongoing evolution and spread of Zotob, with the latest family member which Symantec has named Zotob.G. F-Secure suggests that the newer versions of Zotob are the product of rival gangs, each busily creating their own botnets.

“We seem to have a botwar on our hands,” Mikko Hypponen, chief research officer at Finnish software security firm F-Secure said in a statement issued on Wednesday.

“There appear to be three different virus-writing gangs turning out new worms at an alarming rate, as if they were competing to build the biggest network of infected machines,” he said.

Please patch your systems. If your system is infected, you might not notice anything right now. When the bots are activated, that might change.

8/16 The Zotob threat in particular, and the MS05-039 vulnerability in general, having stabilised (not gone away, just stabilised), ISC SANS is Back to InfoCon Green. Zotob is now just another worm, in the background noise on the Internet. Like other worms, it continues to mutate, and has most recently been identifed by Symantec as Zotob.E, which is an IRC Bot.

ISC SANS Zotob Update now reports that Zotob is adding a mass mailer to its payload. In Other Words, Zotob has now become part of the spammers world, and is probably providing financial reward for its releaser. Anybody surprised?

In another unfortunate turn of events, ISC SANS Zotob affecting some XP SP2/2003? recommends that you protect your servers by disabling anonymous connections. Note that they cover themselves by saying “…this will require testing to ensure it does not break valid applications.”.

Seemingly a harmless and simple change to make, it has been my experience that, if you depend upon seeing a neat list of all of the computers on your network, in a portion of your desktop known as “My Network Places”, or “Network Neighborhood”, that disabling anonymous connections will also disable any server from being displayed there. I’m trying to get a confirmation out of Microsoft. Right now, if you are reading the SANS diary referenced above, please don’t go disabling all anonymous connections, at least without knowing the possible consequences.

So the predictions from Friday, which prompted SANS to go to a Yellow Alert, have been proven to be correct.

Patch up, folks. Please.

8/12 Happy Black Tuesday Week, everybody. Yes, last Tuesday was the first Tuesday of the month. And Microsoft issued a suite of updates, including 3 Critical ones. You may see them reviewed in the SANS Diary Microsoft Security Bulletins for August.

Don’t go away yet, though – this gets better. Today’s SANS Diary POC code available for multiple updated MS vulns announces that, of the 6 vulnerabilities admitted to by Microsoft, no less than 4 of them have Proof Of Concept code published, which will exploit the announced vulnerabilities.

The Internet Storm Center main page is now at Yellow Alert. This is only the second time that I can remember this being the case since they implemented the colour system.

Both Microsoft, and SANS (and myself) all recommend that you apply all Critical Patches – MS05-038, MS05-039, and MS05-043 – at your most immediate convenience, if not sooner; and the other three – MS05-040, MS05-041, and MS05-042 – soon afterwards. All users of the Internet thank you for your cooperation.

8/11 The bad buys are getting either more brazen – or more desperate – you decide which.

Since people are getting more and more suspicious of ANY email that asks them to fill out private information online (which is good), ZDNet Security: New scam asks people to fax away data reports that the scammers are now asking you to download a form, fill it out, and fax it to a toll free phone number.

Whether the bad guys giving you a phone number is a stupid move on their part (you can give the number to the police, who can locate the bad guys), or a genius move (the bad guys know you would try to do that, so you would never believe that it was a scam), is being debated.

One thing is obvious: You can not trust ANY email that asks you for ANY personal data, in any form. End of story.

8/3 The Internet is a big community, composed of lots of little communities. And the bad guys, and potentially bad guys, are getting into the act, in new ways, all of the times.

Everybody wants a new ways to get “eyes” – that is, to put up a web pages, and get visitors to come once, and come back, over and over. One of the newer ways is to provide online databases, “free” to all who wish to participate. Create a new type of community, in other words.

What a neat idea. NOT.

A couple months ago, we had the Birthday Reminder database. Send us your email address, and your birthday. And send us your friends email addresses, and their birthdays. And “we” (our automated mailer) will email YOU when one of your friends birthdays is coming up. What a deal.

Can you say “Identity Theft”? I bet you can, if you try.

This month, we have blatent online databases – Online Contact Databases. According to SANS It Takes a Village…, a popular service Plaxo now lets you store all of your contacts data in their “free” online database. And then emails all of YOUR friends and invites them. And it’s all free. Right.

To broadly paraphrase one Internet wise guy, “If someone emails YOU and tells you that YOUR birthday and / or email address has been added to their online database, and asks you to add your friends to your entry, please forget that I’m your friend.”.

Seriously. DO NOT EVER add my name, birthday, email address, or anything about me, to any online database without ME telling you to do so, and what database to add it to. And don’t be holding your breath waiting for me to name one that I consider safe. And if I do find one, chances are, it won’t be free.

TANSTAAFL. I’ll be a nice guy.

7/29 And a new worm hits the Internet. The worm, Hagbard.A, passes itself off as an IM from one of your friends, and trys to trick you into downloading a free version of a hot video game, as, according to ZDNet Security, Worm poses as pirated ‘Grand Theft Auto’.

Except what installs itself on your computer is no game, it’s a server program, so YOU can serve up another copy of the worm to your former friends. As one of YOUR former friends just did to you.

Be skeptical, folks. And when you get an IM with a URL in it, always ask yourself if your friend would actually send that. Then ask your friend to verify.

7/28 When asked for technical advice, by someone with AOL, I’m usually tempted to say something curt like “If you have AOL, then you’re beyond my ability to help you”. A lot of Networking and Security snobs will say that anyway.

Today, that attitude shouldn’t apply. If you have AOL, particularly Bring Your Own Internet, where you pay for AOL content but have another ISP, you’re just like any Internet user. So, since you hopefully understand about the need for Defense In Depth, aka Layered Security, you setup a NAT router and / or a personal firewall, just like any other Internet user. And you’re just as safe as any other Internet user. Right?

Wrong.

With the AOL Bring Your Own Internet service, you setup a Virtual Private Network between your network and AOL. You get AOL content, but it’s safer than the rest of the Internet, because the VPN means no unsafe traffic from non-AOL sources. If you can trust AOL, then you’re safe.

Unfortunately, the AOL VPN goes from your computer, thru your personal firewall, and thru your NAT router, as protected content. Neither your personal firewall nor router filter it in any way. And if the AOL content ever becomes dangerous, your network is wide open. Lawrence Baldwin, of myNetWatchman, provided Why you should block AOL Client on a corporate network, which explains the problem in more detail, some time ago.

Today, SANS offers The Penetrating Packets: Spam E-Mail (scroll down a bit from the top of their page, there’s no direct link), which is a real live example of how someone’s AOL connection, thru his home network, caused contamination of an actual workplace network.

If you have AOL (and I won’t get into what I don’t like about it), particularly AOL with BYO Internet, please examine how your firewall / router / other Layered Security is setup. Please harden your network with a bit of extra care. Don’t trust the AOL backbone any more than you must.

7/26 As a follower of Christianity, we are taught to love our enemies. Nonetheless, it’s hard not to feel some small bit of pleasure in reading SecurityFocus Russian spammer murdered.

Apparently, even though spamming is not illegal in Russia, someone there saw fit to end his arrogant abuse of the Internet.

The elimination of one bad guy can only be a small improvement in the world; Lord willing, more of his coworkers might be hoped to follow him. We have the right to enjoy the Internet and all of its legitimate improvements upon our lives without having to put up with abuse by Kushnir and his peers.

2005/07/26 The increasing popularity of blogs has now drawn its share of imiitators, including the bad guys. A Blog, which is simply a bulletin board or discussion forum with easy to use software, can be setup by most folks with any technical skills, and that apparently includes some bad guys, who are now luring the innocent to their sites from email and Instant Messages.

When a victim clicks on a link, the computer becomes infected. In one case, a greeting card was displayed and a tune played in the background while spyware was being installed on the compromised PC, Websense said.

Once again, if you’re going to surf the web, particularly from IM and email, please protect your computer.

At best, you will be charged a $35 fee for the same information which is available from the genuine website for nothing. In extreme cases, you may become an identity theft victim, if you unknowingly provide your SSN and other details to one of the more malicious websites.

The link to the genuine website is above. Or, type the URL very carefully, as “www.annualcreditreport.com”. Or, as Paul Dixon recommends, contact the credit bureaus by phone or mail.

2005/07/14 Oh by the way, for those of you using Firefox (and I hope that includes most of you!), Firefox V1.0.5 has just been released. Install it, please.
2005/07/13 Another chapter in one of my favourite serial security articles – Follow the Bouncing Malware VI: Hypnotized and EULAgized was published today. For those of you who are new to this web page, FTBM is a repeating yet every changing look into how clever the malware authors of the world are getting.

Follow the Bouncing Malware is a SANS feature that started about a year ago, as one unprotected computer was exposed to the Web, and its ensing infections recorded in detail. It was so popular that it’s author has repeated his experiment 5 times since the original, with something new each time.

2005/07/12 Happy Patch Tuesday! Microsoft released 3 critical patches today. Start patching.
2005/07/12 So, almost 2 weeks since the last alert. Boring? Not really. True, there haven’t been too many new threats. I’d guess that the bad guys have been too busy managing their ongoing activities, selling their services, and traveling to the bank with all their illegally earned cash, to create any new threats.

Who needs new threats? The increase in botnet activity quadrupled in April thru June of this year, compared to the previous quarter. That’s from a McAfee Quarterly Report, as reported by ZDNet Security: Computer hijacking on the rise.

2005/06/28Earlier this month, I alerted you to an old threat that had just been enhanced by its creators, making it even more of a nuisance. Bagle, renamed MitGlieder, had been released in a new, enhanced, form with extra powers.

Well, ZDNet Security reports that MitGlieder.BQ was released last weekend. So keep being very careful what email you open – look out for surprises, because this one is a surprise that you don’t want!

2005/06/22 If you use secure websites that require a username and password, make sure that you protect yourself against phishing attempts from malicious websites. The latest threat? If you surf to a malicious website, that isn’t already blocked by a Layered Defense, the website could open a window from a website that you trust, then a pop-up window on top of that from their own website. If the pop-up window doesn’t display any details about where it comes from, you could be fooled into thinking that it’s from the trusted website underneath.

You enter your username and password to the trusted website into the phishing window, and the bad guys now have your username and password.

The solution? Don’t trust pop-up windows that don’t include an address bar or a lock icon that verifies that it came from a certified source.

Now, it’s not a bad idea to alert others to problem blogs and similar websites. But when you do it using an open link, the search engines will be putting that link into their databases, when they come thru the forum and find it.

And that’s not hurting the blog, or its owner.

Half the folks reporting the abusive blogs are the blog owners. They want quick readership, and search engine hits.

will go and look there. They have to look – if they are going to report the problem, they have to see the problem first. And the search engines will be right behind them, pumping up the value of the blog.

And ringing the cash register of the blog owner.

And half the time, the content of the blog will be so lame, it’s not even worth reporting. But the blog gets the hits anyway.

Make the choice wisely. Blogs using the old template may or may not be visible and accessible from New Blogger, and vice versa. If you login, and your blog isn’t listed, or if listed isn’t accessible, then logout, and login again carefully.

But the first time that you use the new login procedures, be sure to clear cache and cookies, first. Blogger appears to be reusing addresses, cookies, and scripts, even though they are providing a new set of servers (“www2.blogger.com”, instead of “beta.blogger.com”, for instance). If one of your cookies continues to point your browser to “beta.blogger.com”, guess what will happen?

No, I can’t say for sure. But I’ll bet that you’re not as likely to see your dashboard, when it does.

I’ll wager that none of the three have any executives who play golf (throw a Frisbee?) with each other, regularly.

Each company released some software, recently.

Google released Blogger Beta on August 14.

Microsoft released Internet Explorer V7 on November 14.

Mozilla released Firefox V2 on October 24.

Consider those dates, then tell me how likely is it that Google tested Blogger Beta to work with either Firefox V2, or Internet Explorer V7? I’ll bet better than even money that neither Firefox V2, nor Internet Explorer V7, was part of the Blogger testing platform.

That being the case, maybe we can’t blame Blogger for all of the problems with Blogger Beta, or with Blogger in general. If you upgraded to Firefox V2 or Internet Explorer V7 recently, and you’re having problems with Blogger, maybe you need to look at your computer, before you complain to Blogger.

You probably (better) have other hardware / software that’s protecting you, provided by neither of the above three, that you have to consider too.

That’s good news – if you’re the blog owner. Short of your blog being hacked, what you publish will remain online forever. Of course, your ability to maintain your blog and URL will be subject to your ability to maintain the account that administers the blog.

That’s bad news – if you’re the wanna be publisher to the URL, and that URL is not available.

Periodically, we see the question

I want to publish my blog to this URL. There’s a blog at that address, but it hasn’t been updated in years. Can Blogger give me that address?

The email address, for many Bloggers, is half of the authentication, to the account used for maintaining the blogs. Would you want Blogger giving out your email address to anybody who asked for it? Nope. So would you expect Blogger to give you somebody else’s email address?